Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

League of legends is hacked, with crucial user info accessed


One of the world's most popular online video games falls prey to a security breach involving usernames, e-mail addresses, salted passwords, and 120,000 salted credit card numbers. For more information, please visit http://iclass.eccouncil.org

Published in: Technology

  1. League of Legends is Hacked, with Crucial User Info Accessed - A Case Study
  2. One of the world's most popular online video games falls prey to a security breach involving usernames, e-mail addresses, salted passwords, and 120,000 salted credit card numbers.
  3. Salting
     • Salting technique prevents deriving passwords from the password file
     • Stored representation differs
     • Advantage: Defeats pre-computed hash attacks
     • Note: Windows password hashes are not salted.
     Unique password, same password but different hashes:
       Alice:root:b4ef21:3ba4303ce24a83fe0317608de02bf38d
       Bob:root:a9c4fa:3282abd0308323ef0349dc7232c349ac
       Cecil:root:209be1:a483b303c23af34761de02be038fde08
  4. Riot Games, which developed League of Legends, announced that some usernames, e-mail addresses, salted password hashes, first and last names, and even some salted credit card numbers have been accessed. The salted data is somewhat protected, but if users have easily guessable passwords, their information could be susceptible to theft, Riot Games warned.
  5. Hackers have breached the system of one of the world's most popular online video games: League of Legends
  6. A salt is a random value used in a hash algorithm to make it more secure. Hashing is used to verify the integrity of data and protect sensitive information, like passwords. Common hash algorithms include MD5 and SHA-1.
  7. Active Online Attack: Hash Injection Attack
     • A hash injection attack allows an attacker to inject a compromised hash into a local session and use the hash to validate to network resources
     • The attacker finds and extracts a logged on domain admin account hash
     • The attacker uses the extracted hash to log on to the domain controller
     [Diagram: Attacker, Victim Computer; "Inject a compromised hash into a local session"]
  8. LM "Hash" Generation
     [Diagram, starting from the password cehpass1:]
     • Padded with NULL to 14 characters
     • Converted to the uppercase
     • Separated into two 7-character strings: CEHPASS and 1******
     • Each string goes through DES with a Constant
     • The two results are concatenated into the LM Hash
  9. League of Legends hit the scene nearly four years ago, and in some ways completely flew under the radar for most casual observers of the gaming industry. However, in that short time frame, League quickly acquired millions of players that stay addicted to the evolution of the game.
  10. The affected users are only those who live in North America. While the accessed credit card information is alarming, it pertains only to records from 2011 and earlier.
  11. "We are investigating that approximately 120,000 transaction records from 2011 that contained hashed and salted credit card numbers have been accessed," Riot Games wrote in a blog post.
  12. In 2011, LulzSec claimed responsibility for launching a distributed denial-of-service attack on ZeniMax, which makes Fallout 3, Doom, and Quake.
      How Distributed Denial of Service Attacks Work
      1. Attacker sets a handler system
      2. Handler infects a large number of computers over Internet
      3. Zombie systems are instructed to attack a target server
      [Diagram: Attacker, Handler, Compromised PCs (Zombies), South Korea Web Servers]
  13. In July, a Ubisoft security breach led to hackers accessing usernames, e-mail addresses, and encrypted passwords.
  14. Riot Games is instituting new security features, such as e-mail verification and two-factor authentication, and is also requiring users to change their passwords to "stronger ones that are much harder to guess."
  15. pwdump7 and fgdump
      • PWDUMP extracts LM and NTLM password hashes of local user accounts from the Security Account Manager (SAM) database
      • pwdump7.exe
      • fgdump.exe -h 192.168.0.10 -u AnAdministrativeUser -p l4mep4ssw0rd
        Dumps a remote machine (192.168.0.10) using a specified user
      [Diagram: Attacker]
  16. L0phtCrack (http://www.l0phtcrack.com)
      L0phtCrack is a password auditing and recovery application packed with features such as scheduling, hash extraction from 64-bit Windows versions, multiprocessor algorithms, and network monitoring and decoding
  17. To know more about these attacks and how to secure your information systems, become a Certified Ethical Hacker
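The salting slides (3, 4 and 6) as an added example, not part of the original deck: per-user salts give two accounts with the same password different stored hashes, yet a fast salted hash still lets a defender's weak-password audit match guessable passwords, which is the risk Riot Games warned about. The record layout `user:salt:hash`, the function names and the sample accounts are assumptions constructed for this illustration.

```python
import hashlib
import hmac
import os

def fast_salted(password, salt):
    """Salted SHA-1, one of the fast hashes the slides name (weak for passwords)."""
    return hashlib.sha1(salt + password.encode()).hexdigest()

def make_record(user, password, salt=None):
    """Build a 'user:salt:hash' line with a fresh random salt per account."""
    salt = os.urandom(8) if salt is None else salt
    return f"{user}:{salt.hex()}:{fast_salted(password, salt)}"

def verify(record, candidate):
    """Recompute the hash with the stored salt; compare in constant time."""
    _user, salt_hex, stored = record.split(":")
    computed = fast_salted(candidate, bytes.fromhex(salt_hex))
    return hmac.compare_digest(computed, stored)

def audit_weak(records, weak_list):
    """Defender-side audit: accounts whose password is on a known-weak list."""
    hits = {}
    for rec in records:
        for guess in weak_list:
            if verify(rec, guess):
                hits[rec.split(":")[0]] = guess
                break
    return hits

def slow_salted(password, salt, rounds=200_000):
    """PBKDF2-HMAC-SHA256: same salt idea, but every guess costs `rounds` hashes."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds).hex()

# Constructed sample accounts (not data from the breach).
RECORDS = [
    make_record("alice", "password1"),
    make_record("bob", "password1"),        # same password as alice
    make_record("cecil", "T9#vq-Lw2!xRkz"),
]
WEAK = ["123456", "password1", "letmein"]

if __name__ == "__main__":
    for line in RECORDS:
        print(line)                          # alice and bob show different hashes
    print("force reset for:", audit_weak(RECORDS, WEAK))
```

The salt stops one precomputed table from covering every account, but each account flagged by `audit_weak` would fall just as quickly to anyone holding the stolen records; a slow function such as `slow_salted` raises the cost of every guess.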
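The LM hash preparation from slide 8 as an added example, not part of the original deck: it performs the uppercase, pad and split steps, expands each 7-byte half into an 8-byte DES key, and reads a stored LM hash the way an auditor would. The DES encryption itself is omitted (Python's standard library has no DES); the constant `KGS!@#$%` and the empty-half value are well-known facts about LM that do not appear on the slide, and the function names are assumptions.

```python
LM_CONSTANT = b"KGS!@#$%"        # fixed plaintext that each half's DES key encrypts
EMPTY_HALF = "aad3b435b51404ee"  # DES(LM_CONSTANT) under an all-NULL 7-byte half

def lm_halves(password):
    """Uppercase, NULL-pad (or truncate) to 14 bytes, split into two 7-byte halves."""
    raw = password.upper().encode("ascii")[:14].ljust(14, b"\x00")
    return raw[:7], raw[7:]

def des_key_from_half(half):
    """Spread 56 key bits over 8 bytes: 7 bits per byte, low (parity) bit left 0.

    DES ignores the parity bit, so leaving it unset does not change the result.
    """
    bits = int.from_bytes(half, "big")
    return bytes(((bits >> (49 - 7 * i)) & 0x7F) << 1 for i in range(8))

def audit_lm_hash(lm_hex):
    """Defender-side reading of a stored LM hash (32 hex characters)."""
    lm_hex = lm_hex.lower()
    first, second = lm_hex[:16], lm_hex[16:]
    if first == EMPTY_HALF and second == EMPTY_HALF:
        return "blank password or LM storage disabled"
    if second == EMPTY_HALF:
        return "password is 7 characters or fewer"
    return "password is 8 to 14 characters"

if __name__ == "__main__":
    a, b = lm_halves("cehpass1")
    print(a, b)                               # b'CEHPASS' b'1\x00\x00\x00\x00\x00\x00'
    print(des_key_from_half(a).hex(), des_key_from_half(b).hex())
    # Constructed value: an arbitrary first half followed by the empty second half.
    print(audit_lm_hash("0123456789abcdef" + EMPTY_HALF))
```

Because case is discarded and the two halves are hashed independently with no salt, any LM hash still present in a SAM or directory audit is a finding in itself.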